MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)

About MITRE ATT&CK Framework

MITRE’s ATT&CK Framework is defined as a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. This framework describes how attackers penetrate networks and then move laterally, escalate privileges, create a persistent state, or generally evade your defenses. ATT&CK looks at the “problem” from the perspective of the attacker, helping cybersecurity professionals determine what goals the attacker is aiming to achieve and what methods the attacker will use to achieve them. The framework organizes attacker behaviors into a series of tactics, which are the specific technical objectives that an attacker wants to achieve. For example, an attacker may perform lateral movement to move to a different part of the network where the specific data they are looking for is waiting to be exfiltrated.

Within each tactic category, ATT&CK defines a series of techniques. Each technique describes one way an attacker may attempt to achieve their objective. Each tactic contains multiple techniques because different attackers may deploy different attack methodologies based on their own knowledge or circumstances (availability of tools, system configuration, etc.). Each technique defined in ATT&CK includes a description of the method deployed by the attacker, the systems or platforms the method applies to, and, where known, which attackers or attack groups have been associated with the technique. Techniques also provide the process by which the SOC team can mitigate attacker behavior, along with any published references to the technique being deployed.


Cybertronium certifications are aligned and mapped to the MITRE ATT&CK Framework.

Cybertronium MITRE ATT&CK Framework Mapped Certifications

  • Certified Penetration Tester (CPT)
  • Certified SOC Analyst (CSOCA)
  • Certified Cyber Threat Intelligence Analyst (CTIA)
  • Certified Red Team Professional (CRTP)
  • Certified Blue Team Professional (CBTP)

The ATT&CK framework includes resources that are purpose-built to help develop analytics that detect the techniques used by attackers as they attempt to breach, explore, and exfiltrate data from your databases. The ATT&CK framework also provides information on hacking collectives or groups and the campaigns they’ve conducted, allowing you to be as prepared as possible for a future attack. All these resources are mapped in Cybertronium certifications to provide real-world details on attacks and to teach how to defend against them in real time.

Cybertronium certifications mapped to the ATT&CK framework help you understand how attackers operate so that you can plan and build response playbooks to mitigate attacker incidents. Armed with this knowledge and “attack playbooks”, you are better prepared to understand how your adversaries prepare for, launch, and execute their attacks to achieve specific desired objectives, so you can defend against and eliminate attacks.